- check if user is owner of file
- delete unnecessary models and web routes
This commit is contained in:
Arno Kaimbacher
parent
0d6cf1158f
commit
7b34e57aee
7 changed files with 74 additions and 183 deletions
|
|
@ -1,82 +0,0 @@
|
|||
<?php
|
||||
namespace App\Http\Controllers;
|
||||
|
||||
use App\Http\Requests;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Book;
|
||||
use App\Models\Project;
|
||||
use App\Shelf;
|
||||
use App\Http\Requests\BookRequest;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\View\View;
|
||||
|
||||
class BookController extends Controller
|
||||
{
|
||||
public function __construct()
|
||||
{
|
||||
$this->middleware('auth');
|
||||
}
|
||||
|
||||
public function index() : View
|
||||
{
|
||||
//$books = Book::with('category', 'shelf')->get();
|
||||
$books = Book::with('project')->get();
|
||||
return view('rdr.settings.book.book', compact('books'));
|
||||
}
|
||||
|
||||
public function add()
|
||||
{
|
||||
$categories = Project::pluck('name', 'id');
|
||||
$shelves = Shelf::pluck('shelf', 'id');
|
||||
|
||||
$datum = date('Y-m-d');
|
||||
$nowYear = substr($datum, 0, 4);
|
||||
$years = array();
|
||||
for ($jahr = 1990; $jahr <= $nowYear; $jahr++) {
|
||||
$years[$jahr] = $jahr;
|
||||
}
|
||||
|
||||
return view('rdr.settings.book.add', compact('categories', 'shelves', 'years'));
|
||||
}
|
||||
|
||||
public function store(BookRequest $request)
|
||||
{
|
||||
$input = $request->all();
|
||||
$book = Book::create($input);
|
||||
session()->flash('flash_message', 'You have been addded 1 book!');
|
||||
return redirect()->route('settings.book');
|
||||
}
|
||||
|
||||
public function edit($id)
|
||||
{
|
||||
$book = Book::findOrFail($id);
|
||||
$categories = Project::pluck('name', 'id');
|
||||
// $shelves = Shelf::pluck('shelf', 'id');
|
||||
|
||||
$datum = date('Y-m-d');
|
||||
$nowYear = substr($datum, 0, 4);
|
||||
$years = array();
|
||||
for ($jahr = 1990; $jahr <= $nowYear; $jahr++) {
|
||||
$years[$jahr] = $jahr;
|
||||
}
|
||||
return view('rdr.settings.book.edit', compact('book', 'categories', 'years'));
|
||||
//return view('rdr.settings.book.edit', compact('book', 'categories', 'shelves', 'years'));
|
||||
}
|
||||
|
||||
public function update($id, BookRequest $request)
|
||||
{
|
||||
$book = Book::findOrFail($id);
|
||||
$input = $request->all();
|
||||
$book->update($input);
|
||||
session()->flash('flash_message', 'You have updated 1 book!');
|
||||
return redirect()->route('settings.book');
|
||||
}
|
||||
|
||||
public function delete($id)
|
||||
{
|
||||
$book = Book::findOrFail($id);
|
||||
$book->delete();
|
||||
session()->flash('flash_message', 'You have deleted 1 book!');
|
||||
return redirect()->route('settings.book');
|
||||
}
|
||||
}
|
||||
|
|
@ -1,58 +0,0 @@
|
|||
<?php
|
||||
namespace App\Http\Controllers;
|
||||
|
||||
use App\Http\Requests;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Periode;
|
||||
use App\Student;
|
||||
use App\Http\Requests\PeriodeRequest;
|
||||
use Illuminate\Http\Request;
|
||||
|
||||
class PeriodeController extends Controller
|
||||
{
|
||||
|
||||
public function __construct()
|
||||
{
|
||||
$this->middleware('auth');
|
||||
}
|
||||
|
||||
public function index()
|
||||
{
|
||||
$periodes = Periode::get();
|
||||
return view('lms.settings.periode.periode', compact('periodes'));
|
||||
}
|
||||
|
||||
public function edit($id)
|
||||
{
|
||||
$periode = Periode::findOrFail($id);
|
||||
return view('lms.settings.periode.edit', compact('periode'));
|
||||
}
|
||||
|
||||
public function update($id, PeriodeRequest $request)
|
||||
{
|
||||
$periode = Periode::findOrFail($id);
|
||||
|
||||
$input = $request->all();
|
||||
|
||||
$periode->update($input);
|
||||
|
||||
//process
|
||||
$tglSekarang = time();
|
||||
|
||||
$students = Student::get();
|
||||
|
||||
foreach ($students as $student) {
|
||||
$dateDiff = $tglSekarang - $student['registered_at'];
|
||||
$durasi = floor($dateDiff/(60 * 60 * 24));
|
||||
$periodes = Periode::first();
|
||||
if ($durasi > $periodes['days']) {
|
||||
$student->update(['status' => 0]);
|
||||
} else {
|
||||
$student->update(['status' => 1]);
|
||||
}
|
||||
}
|
||||
|
||||
session()->flash('flash_message', 'You have been updated periode!');
|
||||
return redirect()->route('settings.periode');
|
||||
}
|
||||
}
|
||||
|
|
@ -116,7 +116,7 @@ class EditorController extends Controller
|
|||
$referenceTypes = ["rdr-id", "arXiv", "bibcode", "DOI", "EAN13", "EISSN", "Handle", "IGSN", "ISBN", "ISSN", "ISTC", "LISSN", "LSID", "PMID", "PURL", "UPC", "URL", "URN"];
|
||||
$referenceTypes = array_combine($referenceTypes, $referenceTypes);
|
||||
|
||||
$relationTypes = ["IsCitedBy", "Cites", "IsSupplementTo", "IsSupplementedBy", "IsContinuedBy", "Continues", "HasMetadata", "IsMetadataFor","IsNewVersionOf", "IsPreviousVersionOf", "IsPartOf", "HasPart", "IsReferencedBy", "References"];
|
||||
$relationTypes = ["IsCitedBy", "Cites", "IsSupplementTo", "IsSupplementedBy", "IsContinuedBy", "Continues", "HasMetadata", "IsMetadataFor","IsNewVersionOf", "IsPreviousVersionOf", "IsPartOf", "HasPart", "IsReferencedBy", "References"];
|
||||
// "IsDocumentedBy", "Documents", "IsCompiledBy", "Compiles", "IsVariantFormOf", "IsOriginalFormOf", "IsIdenticalTo", "IsReviewedBy", "Reviews", "IsDerivedFrom", "IsSourceOf"];
|
||||
$relationTypes = array_combine($relationTypes, $relationTypes);
|
||||
|
||||
|
|
|
|||
|
|
@ -64,6 +64,7 @@ class Kernel extends HttpKernel
|
|||
'permission' => \Zizaco\Entrust\Middleware\EntrustPermission::class,
|
||||
'ability' => \Zizaco\Entrust\Middleware\EntrustAbility::class,
|
||||
'isUserDatasetAdmin' => \App\Http\Middleware\WebAuthorizeDataset::class,
|
||||
'isUserFileOwner' => \App\Http\Middleware\WebAuthorizeFile::class,
|
||||
|
||||
];
|
||||
}
|
||||
|
|
|
|||
60
app/Http/Middleware/WebAuthorizeFile.php
Normal file
60
app/Http/Middleware/WebAuthorizeFile.php
Normal file
|
|
@ -0,0 +1,60 @@
|
|||
<?php
|
||||
|
||||
namespace App\Http\Middleware;
|
||||
|
||||
use Closure;
|
||||
use Illuminate\Contracts\Auth\Guard;
|
||||
use App\Models\Dataset;
|
||||
use App\Models\User;
|
||||
use App\Models\File;
|
||||
|
||||
class WebAuthorizeFile
|
||||
{
|
||||
const DELIMITER = '|';
|
||||
|
||||
protected $auth;
|
||||
|
||||
/**
|
||||
* Creates a new instance of the middleware.
|
||||
*
|
||||
* @param Guard $auth
|
||||
*/
|
||||
public function __construct(Guard $auth)
|
||||
{
|
||||
$this->auth = $auth;
|
||||
}
|
||||
|
||||
/**
|
||||
* Handle an incoming request.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @param \Closure $next
|
||||
* @return mixed
|
||||
*/
|
||||
public function handle(\Illuminate\Http\Request $request, Closure $next)
|
||||
{
|
||||
// if ($this->auth->guest() || !$request->user()->can("Administrator")) {
|
||||
// abort(403);
|
||||
// }
|
||||
$userId = $this->auth->user()->id;
|
||||
$fileId = $request->route('id');
|
||||
$file = File::with('dataset')->findOrFail($fileId);
|
||||
$datasetId = $file->dataset->id;
|
||||
|
||||
if ($this->auth->guest() || !$this->isUserDatasetAdmin($userId, $datasetId)) {
|
||||
abort(403, "You are not allowed to do this action!");
|
||||
}
|
||||
return $next($request);
|
||||
}
|
||||
|
||||
private function isUserDatasetAdmin($userId, $datasetId)
|
||||
{
|
||||
$dataset = Dataset::with('user:id,login')->findOrFail($datasetId);
|
||||
$user = User::findOrFail($userId);
|
||||
if ($dataset->user->id == $user->id) { //} || $user->can("administrator")) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
Loading…
Add table
editor.link_modal.header
Reference in a new issue